In this video, I walk through the entire creation of the SOC Analyst home lab by Eric Capuano.
https://blog.ecapuano.com/p/so-you-want-to-be-a-soc-analyst-intro
Every mouse click, screen, configuration, etc. is shown, so you can follow this video to build the lab.
📒 Show Notes 📒
⏰ Markers
1:22 Eric's Blog Post: So You Want to Be a SOC Analyst
1:25 Virtual Machine Setup
1:35 VMware Install
2:12 Ubuntu (Attacker) Machine VM install
4:06 Windows (Victim) Machine VM install
4:27 VMware error "requested power operation is already in progress" and PowerShell fix
4:47 Removing security defenses from Windows VM
5:16 Windows VM defense removal: Turning off Virus and Threat Protection
6:15 Windows VM defense removal: Group Policy Editor
8:01 Windows VM defense removal: Disabling power configurations
10:03 Windows VM defense removal: Safe Boot
11:29 Windows VM defense removal: Registry Editing
14:04 Installing Sysmon on Windows VM
14:55 Installing LimaCharlie Agent on Windows VM
15:10 LimaCharlie - Creating an organization
15:46 LimaCharlie - Installing agent on Windows VM
18:13 LimaCharlie - Configuring LimaCharlie to ingest Sysmon logs from Windows VM
19:45 Sliver - Setup Sliver C2 Framework on Ubuntu VM
20:41 Sliver - Get IP network details (this will be different values on your machine)
22:39 Sliver - Editing /etc/netplan/00-installer-config.yaml with network values
25:58 Sliver - SSH into Ubuntu box
26:13 Sliver - Downloading and installing Sliver
27:50 Sliver - Launching Sliver
29:20 Sliver - Pulling Sliver payload down onto Windows VM (victim)
31:46 Sliver - Using Sliver to access the Windows VM (using a session)
33:33 LimaCharlie - Seeing attacks in LimaCharlie
35:40 Resources to learn more about Windows processes and binaries threat actors use
36:49 Checking VirusTotal via LimaCharlie to see if malware has been seen
38:43 Detection Engineering to detect this attack
40:08 Writing a custom detection rule in LimaCharlie
42:42 Seeing the detection in LimaCharlie work
43:10 Configuring a custom output webhook to add automation and notification to your detection (not in the blog post, but cool so I added it)
RESOURCES IN VIDEO
Eric's So You Want to Be a SOC Analyst blog post: https://blog.ecapuano.com/p/so-you-want-to-be-a-soc-analyst-intro
Lima Charlie: https://limacharlie.io/
Sliver: you'll have to Google it; this video could be pulled down if I link to it for "reasons"
Sysmon: https://learn.microsoft.com/en-us/sysinternals/downloads/sysmon
SwiftOnSecurity Sysmon Config: https://github.com/SwiftOnSecurity/sysmon-config
EchoTrail: https://www.echotrail.io/
SANS Hunt Evil Poster: https://www.sans.org/posters/hunt-evil/
Living Off The Land Binaries, Scripts and Libraries: https://lolbas-project.github.io/#
Simply Cyber's mission is to help purpose-driven professionals make and take a cybersecurity career further, faster.
SEO
cybersecurity,information security,career,cyber,security,cyber security,cyber for beginners,blue team,cyber job,entry level cybersecurity,entry level,no degree,cyber careers,simply cyber,cyber security for beginners,get into cyber security,how to become a soc analyst,home lab,soc analyst,lima charlie,limacharlie edr,cyber lab,how to build a soc analyst,how to be a soc analyst,working as a soc analyst,cybersecurity for beginners,cybersecurity careers